I need help with malware and adware. This has been going on for 2 weeks or so. Whenever I open a page, multiple ads pop up and different pop-up windows appear with ads, usually advertising help with Windows but not only that. My computer has slowed down significantly. I scanned it with ZoneAlarm scanner and it didn't pick anything up.
I did an OTL scan; below is the result:
OTL logfile created on: 10/28/2013 8:33:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\zz\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.37 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 37.84% Memory free
4.98 Gb Paging File | 3.16 Gb Available in Paging File | 63.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 41.37 Gb Free Space | 37.01% Space Free | Partition Type: NTFS
Drive E: | 7.21 Gb Total Space | 4.05 Gb Free Space | 56.21% Space Free | Partition Type: FAT32
Computer Name: ZZ-PC | User Name: zz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/28 20:33:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zz\Downloads\OTL.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/08 20:35:20 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/09/18 19:56:36 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/13 17:53:30 | 000,042,536 | ---- | M] (MindSpark) -- C:\Program Files\TranslationBuddy_5e\bar\1.bin\5eSrchMn.exe
PRC - [2013/01/13 17:53:29 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ebarsvc.exe
PRC - [2013/01/13 17:53:29 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ebrmon.exe
PRC - [2012/06/22 09:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2012/03/27 16:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/08 20:35:20 | 016,233,864 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/09/18 19:56:36 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/06/03 07:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 20:35:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 19:56:36 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/13 17:53:29 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ebarsvc.exe -- (TranslationBuddy_5eService)
SRV - [2012/06/22 09:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2012/03/27 16:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C542AC0D-E755-41C1-94CA-9E61E458863E}\MpKslac12de0d.sys -- (MpKslac12de0d)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/13 16:34:06 | 000,452,120 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2013/02/21 14:44:16 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/11/15 21:06:06 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2008/06/03 10:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 10:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/...92-001d09b1050d
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFQqk4AodMUIA7Q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {151e0e34-9665-43b7-8584-4d482bf3ca59} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {557B53A0-29BF-4B70-9719-9571B667FA39}
IE - HKCU\..\SearchScopes\{0B5CC205-EFBC-4D45-B8E7-570C32B5272A}: "URL" = http://search.zoneal...Id=&ver=&&r=750
IE - HKCU\..\SearchScopes\{557B53A0-29BF-4B70-9719-9571B667FA39}: "URL" = http://search.condui...M=2&SSPV=TB_TS7
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKCU\..\SearchScopes\F39BAD30A29343AE9770684DC068A972: "URL" = http://search.startn...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search By ZoneAlarm"
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: %7B5911488E-9D1E-40ec-8CBB-06B231CC153F%7D:2.5.3
FF - prefs.js..extensions.enabledAddons: rambler_toolbar%40rambler.ru:4.7.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://search.mywebs...A7Q&searchfor="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TranslationBuddy_5e.com/Plugin: C:\Program Files\TranslationBuddy_5e\bar\1.bin\NP5eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5effxtbr@TranslationBuddy_5e.com: C:\Program Files\TranslationBuddy_5e\bar\1.bin [2013/01/13 17:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/18 19:56:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/18 19:56:10 | 000,000,000 | ---D | M]
[2013/08/21 18:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zz\AppData\Roaming\Mozilla\Extensions
[2013/10/14 21:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\extensions
[2012/08/23 05:38:36 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2013/01/13 17:53:22 | 000,000,000 | ---D | M] (TranslationBuddy) -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\extensions\5effxtbr@TranslationBuddy_5e.com
[2013/01/13 08:59:27 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\extensions\[email protected]
[2013/08/21 10:32:37 | 000,000,000 | ---D | M] (Рамблер Ассистент) -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\extensions\[email protected]
[2013/01/13 08:52:54 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/04/05 20:25:48 | 000,002,219 | ---- | M] () -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\searchplugins\4aqmrkj0vyg.xml
[2013/07/13 13:48:50 | 000,002,402 | ---- | M] () -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\searchplugins\bingp.xml
[2013/08/17 10:02:13 | 000,001,005 | ---- | M] () -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\searchplugins\conduit.xml
[2013/01/13 17:53:38 | 000,009,631 | ---- | M] () -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\searchplugins\my-web-search.xml
[2013/06/05 09:49:06 | 000,002,356 | ---- | M] () -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\searchplugins\startnow.xml
[2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\searchplugins\startsear.xml
[2013/10/14 21:28:01 | 000,001,502 | ---- | M] () -- C:\Users\zz\AppData\Roaming\Mozilla\Firefox\Profiles\hgtb84zx.default\searchplugins\zonealarm.xml
[2013/09/18 19:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/14 04:18:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/18 19:55:39 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/09/18 19:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/14 04:18:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/18 19:56:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/18 19:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/27 09:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
Hosts file not found
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\zz\AppData\Local\DownloadTerms\temp.dat File not found
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (ZoneAlarm Do Not Track Me) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPAddon.dll (Abine Inc)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (Search Assistant BHO) - {8d28b450-b378-448a-a02f-c893bc7ed416} - C:\Program Files\TranslationBuddy_5e\bar\1.bin\5eSrcAs.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Fast Free Converter 4.1) - {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\PROGRA~1\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found
O2 - BHO: (Toolbar BHO) - {dafcc24f-ff8f-4df8-a6d8-c4f8111181df} - C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (TranslationBuddy) - {a3c5f699-f046-47e7-8011-06269bc6ed24} - C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ebar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [TranslationBuddy Search Scope Monitor] C:\Program Files\TranslationBuddy_5e\bar\1.bin\5eSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [TranslationBuddy_5e Browser Plugin Loader] C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ebrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [StartNow Search Protect] C:\Program Files\StartNow Toolbar\search_protect.exe ()
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C97CA9B-BC80-43AB-9889-DA0001E4C142}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C22BEA36-E98F-4B8C-9843-7C81C8CF7EF7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{288cc640-1f05-11e1-8f8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{288cc640-1f05-11e1-8f8d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.EXE /AUTORUN
O33 - MountPoints2\{288cc640-1f05-11e1-8f8d-806e6f6e6963}\Shell\configure\command - "" = D:\setup.EXE
O33 - MountPoints2\{288cc640-1f05-11e1-8f8d-806e6f6e6963}\Shell\install\command - "" = D:\setup.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/20 15:56:58 | 000,000,000 | ---D | C] -- C:\Users\zz\AppData\Local\DoNotTrackPlus
[2013/10/10 03:11:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/10 03:11:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/10 03:11:02 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/10 03:11:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/10 03:11:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/10 03:11:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/10 03:11:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/10 03:10:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/09 05:58:52 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 05:58:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/09 05:58:48 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/09 05:58:48 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/09 05:58:48 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/09 05:58:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/09 05:58:48 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/09 05:58:48 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/09 05:58:48 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/09 05:58:48 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/09 05:58:45 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/09 05:58:23 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/09 05:58:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/09 05:58:20 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/09 05:58:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/09 05:58:16 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
========== Files - Modified Within 30 Days ==========
[2013/10/28 20:35:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/28 20:15:40 | 004,262,544 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/28 20:15:40 | 001,413,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/28 20:14:06 | 000,007,289 | -H-- | M] () -- C:\Windows\System32\BTImages.dat
[2013/10/28 19:33:58 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 19:33:58 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 15:21:30 | 000,955,897 | ---- | M] () -- C:\Users\zz\Documents\tort wesele.jpg
[2013/10/28 15:20:38 | 000,310,907 | ---- | M] () -- C:\Users\zz\Documents\bukiet7.jpg
[2013/10/28 15:20:18 | 000,545,636 | ---- | M] () -- C:\Users\zz\Documents\P6290031.JPG
[2013/10/28 15:19:56 | 001,582,183 | ---- | M] () -- C:\Users\zz\Documents\P6290041.JPG
[2013/10/27 21:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/27 21:33:37 | 2548,088,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/20 15:57:34 | 000,008,704 | ---- | M] () -- C:\Users\zz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/10 05:28:25 | 000,249,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/08 20:35:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/08 20:35:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013/10/28 15:21:21 | 000,955,897 | ---- | C] () -- C:\Users\zz\Documents\tort wesele.jpg
[2013/10/28 15:20:34 | 000,310,907 | ---- | C] () -- C:\Users\zz\Documents\bukiet7.jpg
[2013/10/28 15:20:11 | 000,545,636 | ---- | C] () -- C:\Users\zz\Documents\P6290031.JPG
[2013/10/28 15:19:40 | 001,582,183 | ---- | C] () -- C:\Users\zz\Documents\P6290041.JPG
[2013/05/16 03:00:43 | 000,007,289 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/02/13 07:47:07 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2013/01/13 23:47:02 | 000,026,128 | ---- | C] () -- C:\Windows\System32\ZABackupXceedCryReg.exe
[2013/01/13 23:47:01 | 000,441,705 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2013/01/13 23:47:01 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2012/04/17 14:43:44 | 000,008,704 | ---- | C] () -- C:\Users\zz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 01:18:46 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/10 00:13:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/09 11:09:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/09 11:09:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/07 23:37:10 | 000,017,408 | ---- | C] () -- C:\Users\zz\AppData\Local\WebpageIcons.db
[2011/12/05 02:36:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Files - Unicode (All) ==========
[2013/10/09 07:21:08 | 000,988,086 | ---- | M] ()(C:\Users\zz\Documents\???187.jpg) -- C:\Users\zz\Documents\нет187.jpg
[2013/09/20 12:30:11 | 000,699,565 | ---- | M] ()(C:\Users\zz\Documents\????0113.jpg) -- C:\Users\zz\Documents\Фото0113.jpg
[2013/09/20 12:30:03 | 000,647,733 | ---- | M] ()(C:\Users\zz\Documents\????0116.jpg) -- C:\Users\zz\Documents\Фото0116.jpg
[2013/09/20 12:28:59 | 000,700,728 | ---- | M] ()(C:\Users\zz\Documents\????0114.jpg) -- C:\Users\zz\Documents\Фото0114.jpg
[2013/09/20 12:28:37 | 000,540,771 | ---- | M] ()(C:\Users\zz\Documents\????0115.jpg) -- C:\Users\zz\Documents\Фото0115.jpg
[2013/09/20 12:25:09 | 000,647,733 | ---- | C] ()(C:\Users\zz\Documents\????0116.jpg) -- C:\Users\zz\Documents\Фото0116.jpg
[2013/09/20 12:24:57 | 000,699,565 | ---- | C] ()(C:\Users\zz\Documents\????0113.jpg) -- C:\Users\zz\Documents\Фото0113.jpg
[2013/09/20 12:24:42 | 000,540,771 | ---- | C] ()(C:\Users\zz\Documents\????0115.jpg) -- C:\Users\zz\Documents\Фото0115.jpg
[2013/09/20 12:24:26 | 000,700,728 | ---- | C] ()(C:\Users\zz\Documents\????0114.jpg) -- C:\Users\zz\Documents\Фото0114.jpg
[2013/08/21 13:46:25 | 000,988,086 | ---- | C] ()(C:\Users\zz\Documents\???187.jpg) -- C:\Users\zz\Documents\нет187.jpg
[2013/06/15 10:13:25 | 001,326,154 | ---- | M] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\аава.JPG
[2013/06/15 10:13:13 | 001,311,728 | ---- | M] ()(C:\Users\zz\Documents\?.JPG) -- C:\Users\zz\Documents\в.JPG
[2013/06/15 10:13:12 | 001,338,614 | ---- | M] ()(C:\Users\zz\Documents\???.JPG) -- C:\Users\zz\Documents\кек.JPG
[2013/06/15 10:13:09 | 001,102,035 | ---- | M] ()(C:\Users\zz\Documents\?.JPG) -- C:\Users\zz\Documents\р.JPG
[2013/06/15 10:13:05 | 001,326,513 | ---- | M] ()(C:\Users\zz\Documents\??.JPG) -- C:\Users\zz\Documents\ке.JPG
[2013/06/15 10:12:58 | 001,308,822 | ---- | M] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\вуву.JPG
[2013/06/15 10:12:47 | 001,322,086 | ---- | M] ()(C:\Users\zz\Documents\DSCN0001??.JPG) -- C:\Users\zz\Documents\DSCN0001щз.JPG
[2013/06/15 10:12:37 | 001,292,847 | ---- | M] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\имсп.JPG
[2013/06/15 10:12:34 | 001,135,244 | ---- | M] ()(C:\Users\zz\Documents\??.JPG) -- C:\Users\zz\Documents\ак.JPG
[2013/06/15 10:10:34 | 001,342,784 | ---- | M] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\кеке.JPG
[2013/06/15 10:10:07 | 001,326,154 | ---- | C] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\аава.JPG
[2013/06/15 10:10:02 | 001,102,035 | ---- | C] ()(C:\Users\zz\Documents\?.JPG) -- C:\Users\zz\Documents\р.JPG
[2013/06/15 10:09:57 | 001,338,614 | ---- | C] ()(C:\Users\zz\Documents\???.JPG) -- C:\Users\zz\Documents\кек.JPG
[2013/06/15 10:09:48 | 001,326,513 | ---- | C] ()(C:\Users\zz\Documents\??.JPG) -- C:\Users\zz\Documents\ке.JPG
[2013/06/15 10:09:44 | 001,292,847 | ---- | C] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\имсп.JPG
[2013/06/15 10:09:38 | 001,311,728 | ---- | C] ()(C:\Users\zz\Documents\?.JPG) -- C:\Users\zz\Documents\в.JPG
[2013/06/15 10:09:29 | 001,308,822 | ---- | C] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\вуву.JPG
[2013/06/15 10:09:23 | 001,135,244 | ---- | C] ()(C:\Users\zz\Documents\??.JPG) -- C:\Users\zz\Documents\ак.JPG
[2013/06/15 10:09:18 | 001,322,086 | ---- | C] ()(C:\Users\zz\Documents\DSCN0001??.JPG) -- C:\Users\zz\Documents\DSCN0001щз.JPG
[2013/06/15 10:09:02 | 001,342,784 | ---- | C] ()(C:\Users\zz\Documents\????.JPG) -- C:\Users\zz\Documents\кеке.JPG
[2012/04/17 14:30:32 | 000,000,348 | ---- | M] ()(C:\Users\zz\Documents\????? ??? ????? ????? (4).lnk) -- C:\Users\zz\Documents\Ярлык для Новая папка (4).lnk
[2012/04/17 14:28:48 | 000,000,348 | ---- | C] ()(C:\Users\zz\Documents\????? ??? ????? ????? (4).lnk) -- C:\Users\zz\Documents\Ярлык для Новая папка (4).lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????? Microsoft Office) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Средства Microsoft Office
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\zz\Documents\MVI_0085.AVI:TOC.WMV
< End of report >
Please help!!!